CVE-2021-39112 Vulnerability Details

CVE-2021-39112 Metadata Quick Info

CVE Published: 25/08/2021 | CVE Updated: 11/10/2024 | CVE Year: 2021
Source: atlassian | Vendor: Atlassian | Product: Jira Server
Status: PUBLISHED

CVE-2021-39112 Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affected versions are before version 8.5.15, from version 8.6.0 before 8.13.7, from version 8.14.0 before 8.17.1, and from version 8.18.0 before 8.18.1.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-1022
CWE Name: CWE-1022: Use of Web Link to Untrusted Target with window.opener Access
Source: Atlassian

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).